Adolph
Engineer
Engineer
  • UID623
  • Fans4
  • Follows1
  • Posts72
Reads:2897Replies:0

[Share]Common Vulnerability Knowledge

Created#
More Posted time:Aug 19, 2016 9:11 AM
I. Code Execution Vulnerability of the Discuz! X Conversion Utility
 
Code Execution Vulnerability of the Discuz! X Conversion Utility
Affected Version:  
Discuz! X
Vulnerability Description:  
A code execution vulnerability exists in the Discuz! X plug-in /utility/convert/index.php. If the plug-in is not deleted or upgraded in a timely manner, an attacker can use the utility to directly execute any code to implant a webshell.  
Solution:  
1. Upgrade to the latest Discuz! version.  
2. Remove the program directory of the utility. The default directory is /utility.  
 
II. DoS Vulnerability of WordPress
Affected Version:  
 
WordPress 3.9.x-3.9.1
WordPress 3.8.x-3.8.3
WordPress 3.7.x-3.7.3
WordPress 3.6.x
WordPress 3.5.x
 
Vulnerability Description:  
The number of parameters in an xml file is not limited. As a result, an attacker can remotely inject malicious content into xml files, which directly causes denial of service (DoS) attacks to target servers.
 
Recommended Solution:  
 
1. Delete xmlrpc.php from the root directory. (It is recommended that the file be backed up before being deleted.)
2. Upgrade WordPress to the latest version.
 
III. User Login Vulnerability of the ECShop Client
Vulnerability No.: 1414
 
Vulnerability Description:
Early Dedecms versions have a variable replacement issue involving plus\myta_js.php. An attacker can submit variables to replace the global variables in the database connection configuration, so that the affected websites connect to the database specified by the attacker, read the content specified by the attacker, and directly write a webshell to the websites.  
 
Hazard:
Malicious hackers can use tools available over the internet to directly upload webshells to websites, leading to website intrusion.  
 
Recommended Solution
Upgrade Dedecms to the latest version.
 
IV. SQL statement injection
1. SQL statement injection is performed by an attacker to make a database server perform an unauthorized query.  
 
2. SQL statement injection leverages the SQL language to target vulnerabilities created during application programming by programmers. When an attacker can manipulate data and insert SQL statements inside applications, SQL statement injection occurs. By adding SQL statement elements to a predefined data-querying SQL statement of an application, an attacker can fool a server to perform unauthorized query for any data. SQL statement injection vulnerabulities are the most common vulnerabilities detected over the internet and have broad negative impacts. Many websites have been defaced since the latter half of 2007. Attackers take advantage of SQL statement injection to inject malicious HTML script tags by modifying the text in databases for generating dynamic web pages. Proliferation of such attacks started to accelerate in the first quarter of 2008 and has been affecting web programs with such vulnerabilities.  
 
Hazard
 
Web pages may be defaced.  
Data may be tampered.  
Core data may be stolen.  
Database servers may be turned into zombie hosts by attacks.  
Recommended Solutions:
 
It is recommended that data input by users be filtered. It is important to consider that all data input by users is insecure.  
 
Solution 1:  
1. Leverage web page code to carefully filter data input by users.  
2. Deploy a web application firewall.
3. Monitor database operations.
 
Solution 2: Use an open-source vulnerability fixing plug-in. (This requires that the website masters have programming skills and are capable of modifying server code.)
[Adolph edited the post at Aug 19, 2016 10:26 AM]
Guest